Submission #181597: There is a backend getshell vulnerability in Easyadmin8

Title: There is a backend getshell vulnerability in Easyadmin8
Description:
Enter the backend, find the configuration options, and add the upload type PHP:
http://localhost/admin/index/index.html#/admin/system.uploadfile/index.html
Click on the product management options:
http://www.easyadmin8.com/admin/index/index.html#/admin/mall.goods/index.html
Add a new product, click the image icon, upload a.php, then getshell.

Fix for file upload vulnerability:
The upload module needs to exist on the website, and permission authentication needs to be done to prevent anonymous users from accessing it.
The file upload directory is set to prohibit script file execution. Even if a backdoor is uploaded, its dynamic script cannot be parsed, causing the attacker to abandon this attack path.
Set up a whitelist for uploading, which only allows images to be uploaded, such as jpg, png, gif. Other files are not allowed to be uploaded. The uploaded suffix name must be set to an image format such as jpg, png, gif.
Source: https://github.com/wolf-leo/EasyAdmin8/issues/1
User: XMAO (UID 18088)
Submitted: 2023. 07. 12. PM 01:15 (3 years ago)
Moderation: 2023. 07. 20. AM 10:18 (8 days later)
Status: Accepted
VulDB entry: 235068 [EasyAdmin8 2.0.2.2 File Upload index.html privilege escalation]
Points: 20
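
The whitelist fix from the description, as an added PHP example that is not EasyAdmin8's own code: the image allowlist is fixed in code, so an upload type added in the backend settings can only narrow it and never enable a script extension. The names safeUploadName, IMAGE_TYPES and $configuredExts are hypothetical, and the sample files are constructed.

```php
<?php
declare(strict_types=1);

// Fixed allowlist (extension => expected MIME type). Backend settings may
// narrow this set but can never add a script extension such as "php".
const IMAGE_TYPES = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

/**
 * Returns a server-generated file name for an accepted upload, or null if rejected.
 * $configuredExts stands in for the upload types stored in the backend settings.
 */
function safeUploadName(string $clientName, string $tmpPath, array $configuredExts): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $configured = array_map('strtolower', $configuredExts);

    // The extension must be in BOTH the fixed allowlist and the configured list.
    if (!array_key_exists($ext, IMAGE_TYPES) || !in_array($ext, $configured, true)) {
        return null;
    }
    // The content must really be an image whose type matches the extension.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== IMAGE_TYPES[$ext]) {
        return null;
    }
    // Never reuse the client-supplied name; store under a random one.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample files: a 1x1 GIF and a plain-text file.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, 'constructed placeholder, not an image');

// Settings as in the report: "php" has been added as an upload type.
$settings = ['jpg', 'png', 'gif', 'php'];

var_dump(safeUploadName('a.php', $txt, $settings));     // script extension
var_dump(safeUploadName('photo.gif', $txt, $settings)); // image name, non-image content
var_dump(safeUploadName('photo.gif', $gif, $settings)); // real GIF

unlink($gif);
unlink($txt);
```

This check complements, and does not replace, the other two fixes in the description: authenticated access to the upload module and an upload directory where script execution is prohibited.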
